-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathBT_BAN.ps1
196 lines (176 loc) · 8.65 KB
/
BT_BAN.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
Remove-Variable * -ErrorAction Ignore
$PS1URL = 'https://bt-ban.pages.dev/run'
$ZIPURL = 'https://bt-ban.pages.dev/IPLIST.zip'
Write-Output " 成功获取脚本"
$TASKINFO = Get-ScheduledTask BT_BAN_UPDATE -ErrorAction Ignore
$USERPATH = "$ENV:USERPROFILE\BT_BAN"
New-Item -ItemType Directory -Path $USERPATH -ErrorAction Ignore | Out-Null
if ((Get-Content $USERPATH\OUTPUT.log -ErrorAction Ignore).Count -ge 1000) {Move-Item $USERPATH\OUTPUT.log $USERPATH\OUTPUT.old -Force -ErrorAction Ignore}
$TOAST = {
try {
$AppId = 'BT_BAN_IPLIST'
$XML = '<toast DDPARM><visual><binding template="ToastText01"><text id="1">DDTEXT</text></binding></visual><audio silent="BOOL"/><actions>MYLINK</actions></toast>'
$XmlDocument = [Windows.Data.Xml.Dom.XmlDocument, Windows.Data.Xml.Dom.XmlDocument, ContentType = WindowsRuntime]::New()
$XmlDocument.loadXml($XML.Replace("DDPARM","$DDPARM").Replace("DDTEXT","$DDTEXT").Replace("BOOL","$SILENT").Replace("MYLINK","$MYLINK"))
[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]::CreateToastNotifier($AppId).Show($XmlDocument)
Write-Output (Get-Date).ToString() "$DDTEXT`n" | Out-File -Append $USERPATH\OUTPUT.log
} catch {Write-Output "`n 当前环境不支持推送通知,已跳过"}
}
$SET_NOTIFY = {
Write-Output @'
$DDTEXT = "当前共 $(((Get-NetFirewallDynamicKeywordAddress -Id '{3817fa89-3f21-49ca-a4a4-80541ddf7465}').Addresses -Split ',').Count) 条 IP 规则"
$AppId = 'BT_BAN_IPLIST'
$XML = '<toast><visual><binding template="ToastText01"><text id="1">DDTEXT</text></binding></visual><audio silent="true"/></toast>'
$XmlDocument = [Windows.Data.Xml.Dom.XmlDocument, Windows.Data.Xml.Dom.XmlDocument, ContentType = WindowsRuntime]::New()
$XmlDocument.loadXml($XML.Replace("DDTEXT","$DDTEXT"))
[Windows.UI.Notifications.ToastNotificationManager, Windows.UI.Notifications, ContentType = WindowsRuntime]::CreateToastNotifier($AppId).Show($XmlDocument)
'@ | Out-File -Encoding Unicode $USERPATH\NOTIFY.ps1
$VBS = 'createobject("wscript.shell").run "CMD",0'
$CMD = "powershell -v 3 -ExecutionPolicy Bypass $USERPATH\NOTIFY.ps1"
$VBS.Replace("CMD","$CMD") | Out-File -Encoding ASCII $USERPATH\NOTIFY.vbs
$PRINCIPAL = New-ScheduledTaskPrincipal -UserId $ENV:COMPUTERNAME\$ENV:USERNAME
$SETTINGS = New-ScheduledTaskSettingsSet -StartWhenAvailable -AllowStartIfOnBatteries
$TRIGGER1 = New-ScheduledTaskTrigger -Daily -At 00:05
$TRIGGER2 = New-ScheduledTaskTrigger -AtLogon -User $ENV:COMPUTERNAME\$ENV:USERNAME
$ACTION = New-ScheduledTaskAction -Execute $USERPATH\NOTIFY.vbs
$TASK = New-ScheduledTask -Principal $PRINCIPAL -Settings $SETTINGS -Trigger $TRIGGER1,$TRIGGER2 -Action $ACTION
Unregister-ScheduledTask BT_BAN_NOTIFY -Confirm:$false -ErrorAction Ignore
Register-ScheduledTask BT_BAN_NOTIFY -InputObject $TASK | Out-Null
}
$SET_UPDATE = {
$VBS = 'createobject("wscript.shell").run "CMD",0'
if ((Get-Content $USERPATH\UPDATE.vbs -ErrorAction Ignore) -Match '&') {$CMD = $(Get-Content $USERPATH\UPDATE.vbs)}
else {$CMD = "powershell -v 3 `"`"iex (irm $PS1URL -TimeoutSec 30)`"`""}
$VBS.Replace("CMD","$CMD") | Out-File -Encoding ASCII $USERPATH\UPDATE.vbs
$PRINCIPAL = New-ScheduledTaskPrincipal -UserId $ENV:COMPUTERNAME\$ENV:USERNAME -RunLevel Highest
$SETTINGS = New-ScheduledTaskSettingsSet -RestartCount 5 -RestartInterval (New-TimeSpan -Seconds 60) -StartWhenAvailable -AllowStartIfOnBatteries
$TRIGGER = New-ScheduledTaskTrigger -Once -At 00:00 -RepetitionInterval (New-TimeSpan -Hours 1) -RandomDelay (New-TimeSpan -Minutes 10)
$ACTION = New-ScheduledTaskAction -Execute $USERPATH\UPDATE.vbs
$TASK = New-ScheduledTask -Principal $PRINCIPAL -Settings $SETTINGS -Trigger $TRIGGER -Action $ACTION
Unregister-ScheduledTask BT_BAN_UPDATE -Confirm:$false -ErrorAction Ignore
Register-ScheduledTask BT_BAN_UPDATE -InputObject $TASK | Out-Null
$SILENT = 'false'
$DDTEXT = "任务计划已创建"
$DDPARM = ''
$MYLINK = ''
if ($TASKINFO) {$DDTEXT = "任务计划已重建"}
&$TOAST
Start-ScheduledTask BT_BAN_UPDATE
return
}
if ($TASKINFO.Principal.UserId -Match 'SYSTEM') {
if ($USERNAME = (quser) -Match '^>' -Replace ' .*' -Replace '>') {
} elseif ($USERNAME = (Get-WMIObject -class Win32_ComputerSystem).UserName){
} else {
$PROCINFO = Get-WmiObject Win32_Process -Filter "name='explorer.exe'"
$USERNAME = $PROCINFO.GetOwner().User
}
if ($USERNAME) {
$PRINCIPAL = New-ScheduledTaskPrincipal -UserId $USERNAME -RunLevel Highest
Set-ScheduledTask $TASKINFO.Uri -Principal $PRINCIPAL
Start-ScheduledTask $TASKINFO.Uri
exit
}
}
if ($TASKINFO) {
if ($TASKINFO.Principal.RunLevel -Notmatch 'Highest') {
$SILENT = 'false'
$DDTEXT = "当前任务计划未配置最高权限`n若提示权限不足,请执行启用命令重建`n> iex (irm bt-ban.pages.dev)`n无提示或正在重建时,请忽略本通知"
$DDPARM = 'duration="long"'
$MYLINK = '<action content="查看帮助" activationType="protocol" arguments="https://github.com/Oniicyan/BT_BAN"/>'
&$TOAST
$SETFLAG = 1
}
}
if ((Fltmc).Count -eq 3) {
$SILENT = 'false'
$DDTEXT = "权限不足`n请以正确方式执行脚本"
$DDPARM = ''
$MYLINK = ''
&$TOAST
exit 1
}
if ((Get-NetFirewallRule -DisplayName "BT_BAN_*").Count -lt 2) {
$SILENT = 'false'
$DDTEXT = "过滤规则丢失,请执行启用命令重建`n> iex (irm bt-ban.pages.dev)"
$DDPARM = 'scenario="incomingCall"'
$MYLINK = '<action content="查看帮助" activationType="protocol" arguments="https://github.com/Oniicyan/BT_BAN"/>'
&$TOAST
exit 1
}
if (Get-ScheduledTask BT_BAN_NOTIFY -ErrorAction Ignore) {
if ((Get-Content $USERPATH\NOTIFY.ps1 -ErrorAction Ignore) -Notmatch 'BT_BAN_IPLIST') {&$SET_NOTIFY}
if ((Get-Content $USERPATH\NOTIFY.vbs -ErrorAction Ignore) -Notmatch '-v 3') {&$SET_NOTIFY}
} else {
&$SET_NOTIFY
}
if ($TASKINFO) {
if ($TASKINFO.Uri -Notmatch 'BT_BAN_UPDATE') {$SETFLAG = 1}
if ($TASKINFO.Principal.UserId -Notmatch $ENV:USERNAME) {$SETFLAG = 1}
if ($TASKINFO.Triggers.Repetition.Interval -Notmatch 'PT1H') {$SETFLAG = 1}
if (!(Test-Path $USERPATH\UPDATE.vbs)) {$SETFLAG = 1}
if ((Get-Content $USERPATH\UPDATE.vbs -ErrorAction Ignore) -Notmatch '-v 3') {$SETFLAG = 1}
} else {$SETFLAG = 1}
if ($SETFLAG -eq 1) {
&$SET_UPDATE
return
}
while ($ZIP -lt 5) {
$ZIP++
try {
Invoke-RestMethod -OutFile $ENV:TEMP\IPLIST.zip $ZIPURL -TimeoutSec 30
break
} catch {
Write-Output " IP 列表下载失败,等待 1 分钟后尝试 ($ZIP/5)"
Start-Sleep 60
if ($ZIP -ge 5) {
$SILENT = 'true'
$DDTEXT = "IP 列表下载失败`n通常是服务器问题,跳过本次更新"
$DDPARM = ''
$MYLINK = ''
&$TOAST
exit 1
}
}
}
Expand-Archive -Force -Path $ENV:TEMP\IPLIST.zip -DestinationPath $ENV:TEMP
if ($Args[0]) {
try {$EXTEXT = $(Invoke-RestMethod $Args[0] -TimeoutSec 30)
} catch {
Write-Output (Get-Date).ToString() "获取用户附加规则失败,已跳过`n" | Out-File -Append $USERPATH\OUTPUT.log
return
}
$EXLIST = [Regex]::Matches($EXTEXT,'((\d{1,3}\.){3}\d{1,3}((\/\b([1-9]|[12][0-9]|3[0-2])\b)|-)?){1,2}|([0-9a-f]{4}:([0-9a-f]{1,4}::?){1,6}(([0-9a-f]{1,4})|:)((\/\b([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])\b)|-)?){1,2}').Value
if ($EXLIST) {
(Get-Content $ENV:TEMP\IPLIST.txt) + $EXLIST | Out-File -Encoding UTF8 $ENV:TEMP\IPLIST.txt
} else {
Write-Output (Get-Date).ToString() "解析用户附加规则为空,已跳过`n" | Out-File -Append $USERPATH\OUTPUT.log
}
}
if (Test-Path $USERPATH\IPLIST.txt) {
if (Compare-Object (Get-Content $ENV:TEMP\IPLIST.txt) (Get-Content $USERPATH\IPLIST.txt)) {
Move-Item $ENV:TEMP\IPLIST.txt $USERPATH\IPLIST.txt -Force -ErrorAction Ignore
} else {
return
}
} else {
Move-Item $ENV:TEMP\IPLIST.txt $USERPATH\IPLIST.txt -Force -ErrorAction Ignore
$NOTIFY = 1
}
$IPLIST = (Get-Content $USERPATH\IPLIST.txt) -Join ','
$DYKWID = '{3817fa89-3f21-49ca-a4a4-80541ddf7465}'
New-NetFirewallDynamicKeywordAddress -Id $DYKWID -Keyword "BT_BAN_IPLIST" -Addresses 1.2.3.4 -ErrorAction Ignore | Out-Null
Update-NetFirewallDynamicKeywordAddress -Id $DYKWID -Addresses $IPLIST | Out-Null
if ($NOTIFY) {
$SILENT = 'false'
$DDTEXT = "动态关键字已启用,当前共 $(((Get-NetFirewallDynamicKeywordAddress -Id $DYKWID).Addresses -Split ',').Count) 条 IP 规则"
$DDPARM = 'duration="long"'
$MYLINK = ''
&$TOAST
} else {
$SILENT = 'true'
$DDTEXT = "动态关键字已更新,当前共 $(((Get-NetFirewallDynamicKeywordAddress -Id $DYKWID).Addresses -Split ',').Count) 条 IP 规则"
$DDPARM = ''
$MYLINK = ''
Write-Output (Get-Date).ToString() "$DDTEXT`n" | Out-File -Append $USERPATH\OUTPUT.log
}